Samsung SDS IAM & EMM User’s Guide Version 17.6 Published: August 2017


Before using this information and the product it supports, be sure to read the general information on this page.

Publisher Samsung SDS Co., Ltd

Address 125, 35-Gil, Olympic-Ro, Songpa-Gu, Seoul, South Korea.

Phone +82 1644 0030

Email [email protected]

Website www.samsungsdsbiz.com

This edition applies to Samsung SDS IAM & EMM Version 17.6, and to all subsequent releases and modifications thereof until otherwise indicated in new editions. Make sure you are using the correct edition for your product.

Samsung SDS Co., Ltd. has credence in the information contained in this document. However, Samsung SDS is not responsible for any circumstances which arise from inaccurate content or typographical errors.

The content and specifications in this document are subject to change without notice.

Samsung SDS Co., Ltd. holds all intellectual property rights, including the copyrights, to this document. Using, copying, disclosing to a third party or distributing this document without explicit permission from Samsung SDS is strictly prohibited. These activities constitute an infringement of the intellectual property rights of this company.

Any reproduction or redistribution of part or all of these materials is strictly prohibited except as permitted by the license or by the express permission of Samsung SDS Co., Ltd. Samsung SDS Co., Ltd. owns the intellectual property rights in and to this document. Other product and company names referenced in this document are trademarks or registered trademarks of their respective owners.

Copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.


Contents

Chapter 1 Samsung SDS IAM & EMM user portal help
    Using the tabs
    Using multi factor authentication
    Viewing in different languages
    Using the menu options
    Logging in to the user portal from your device
    Why you cannot log in some times

Chapter 2 Using Apps
    Launching applications
    Launching sessions on target resources
    Installing the browser extension
    Updating your user identity for an application
    Organizing your applications
    Adding web applications to the Apps page
    Requesting access to an application
    Removing web applications

Chapter 3 Using Devices
    Adding a device
    Viewing your device information
    Sending commands to devices
    Issuing derived credentials to your devices

Chapter 4 Using Activity

Chapter 5 Using Account
    Creating a security question and answer
    Changing your network log in password
    Modifying an Active Directory User account
    Modifying a Samsung directory User account
    Managing authentication keys

Chapter 6 Enrolling an Android device and using the Samsung SDS IAM & EMM client
    Enrolling an Android device
    Using the Samsung SDS IAM & EMM client
    About kiosk mode
    Creating a Samsung Knox container
    Using Knox containers
    Using Samsung SDS IAM & EMM WebApps
    Installing mobile applications on Samsung Workspace devices
    Locking a Knox container
    Unenrolling your device
    Uninstalling the Samsung SDS IAM & EMM client

Chapter 7 Enrolling a Windows 10 Device


Chapter 1

Samsung SDS IAM & EMM user portal help

The Samsung SDS IAM & EMM user portal is your interface to the Samsung service. From the portal, you open web applications assigned to you by your IT department and manage the devices you enroll in the Samsung service.

Click Sign Out (next to your user name) to log out of the Samsung SDS IAM & EMM user portal, and click Help to open the online help.

Relevant topics are:

“Using the tabs” on page 2

“Using multi factor authentication” on page 3

“Viewing in different languages” on page 6

“Using the menu options” on page 7

“Logging in to the user portal from your device” on page 9

“Why you cannot log in some times” on page 10


Using the tabs

The user portal interface has four tabs across the top of the screen. You use the tabs to do the following:

Apps: Shows the web applications assigned to you.

You can also add your own web applications to this page. See “Using Apps” on page 11 for the details.

Devices: Lists the devices you have enrolled in the Samsung service.

When you enroll devices in the Samsung service, you can use those devices to access the applications that are on the user portal. In addition, if your organization uses the Samsung service for mobile device management, you can manage the device from the user portal. See “Using Devices” on page 28 for the details.

See the following topics to enroll a device:

“Enrolling an Android device and using the Samsung SDS IAM & EMM client” on page 47

“Enrolling an iOS device and using the Samsung SDS IAM & EMM client” on page 78

Activity: Displays your user portal activity log.

See “Using Activity” on page 40 for the details.

Account: Displays your Samsung service account information.

See “Using Account” on page 41 for the details.


Using multi factor authentication

Some organizations require you to provide multifactor authentication when you log in to the user portal, open an application, or enroll a device. Multifactor authentication means you must enter your password plus provide another form of authentication to log in.

The Samsung service provides the following forms of authentication:

Authentication form: How you respond to complete the login

Samsung SDS IAM & EMM Mobile Authenticator: You can respond using either the Mobile Authenticator option in the Samsung SDS IAM & EMM application or your device’s notification service. See “Using Samsung SDS IAM & EMM Mobile Authenticator” on page 3 for the details.

Third Party Authenticator: You enter the one-time-passcode (OTP) from a third party authenticator to log in to the user portal. See “Using a third party authenticator application” on page 4.

Email verification code: Access the relevant email account, open the email message, and click the link or manually enter the one-time code.

SMS verification code: Open the text message sent to the phone number indicated and either click the link or enter the code in the user portal prompt. Note: The device must be connected to use the link.

Answer Security Question: Provide the answer to the security question you created. You create your security question and answer on the Accounts page in the user portal—see “Creating a security question and answer” on page 42.

Phone call: Answer the call to the phone number indicated and follow the instructions.

Your IT administrator can enable all of them or just some of them. Your options are displayed in a drop-down list in the login prompt. Make your selection after you enter your password.

Using Samsung SDS IAM & EMM Mobile Authenticator

The Samsung service uses your device notification service to send your device a passcode when you choose Samsung SDS IAM & EMM Mobile Authenticator as your additional authentication method. You can use either the passcode or the Samsung SDS IAM & EMM application to complete the authentication process.

You must have the “Show notifications” device setting enabled to use your device notification for authentication. If this feature is not turned on, you use the Samsung SDS IAM & EMM application to authenticate with Samsung SDS IAM & EMM Mobile Authenticator—see “Using the Samsung SDS IAM & EMM application as the Mobile Authenticator response” on page 4.

Note: Do not select this option if you are logging in to an application from the same device.


When you select Samsung SDS IAM & EMM Mobile Authenticator as the additional authentication method, the notification is sent to your device after you enter your password. Responding to the notification is slightly different for Android and iOS devices.

Using the Samsung SDS IAM & EMM application as the Mobile Authenticator response

The Mobile Authenticator option on the Samsung SDS IAM & EMM application is enabled using the Show Authenticator option on the Settings page. If your system administrator has not enabled this option, you must enable it manually before you can use this feature.

To use the Samsung SDS IAM & EMM application as the Mobile Authenticator response:

1 Open the Samsung SDS IAM & EMM application on the device.

2 Tap Mobile Authenticator.

If your systems administrator has required fingerprint authentication (or PIN as a fallback option), then you must provide this information to access the mobile authenticator code.

3 Enter the code in the login prompt to complete authentication.

Using a third party authenticator application

You can use a one-time-passcode (OTP) to log in to the user portal. You use a third party authenticator (like Google Authenticator) to scan a Samsung SDS IAM & EMM generated QR code and get the OTP.

Important: Your system administrator must enable this third party OTP feature before you can use it.

To get an OTP using a third party authenticator:

1 Log in to the user portal.

2 Click Account > Security > Show QR Code.


Note: The text associated with the Show QR Code button reflects the text that your systems administrator entered when they configured this feature.

The QR code displays.

3 Use a third party authenticator application on your phone to scan the QR code.

4 A passcode is displayed on the third party authenticator application and on the Passcode page of the Samsung SDS IAM & EMM application.

You can now use the passcode to log in to the user portal.


Viewing in different languages

The user portal is available in several languages, including French, German, Spanish, Italian, Japanese, Chinese, and Korean. If you would prefer a language other than English, you change the language in the browser.

For example, to change the language in Firefox you click the Firefox drop-down menu, click Options, and then click the Content tab. Click the Choose button to select a different language. To change the language in Chrome, you click the browser menu, click Settings, click Show Advanced Settings, and scroll down to Languages to choose another language.


Using the menu options

The user portal provides a menu with options you use to configure portal settings and perform a couple of administrative tasks. The menu drops down from your account name.

You use the other menu options to perform the following tasks:

“Setting your default Application Filter” on page 7

“Disabling device location tracking” on page 7

“Reloading your rights” on page 8

“Switching to Admin Portal” on page 8

Note: The “Switch to Admin Portal” option is only displayed for users that have Samsung service administrator privileges.

Setting your default Application Filter

You can define the default set of applications that are displayed on the Apps page of the user portal. You can also filter by a tag if you have created one—see “Creating your own tags” on page 19.

To set the default application filter:

1 Open the user portal and click the drop-down menu next to your user name.

2 Select Settings.

3 Expand the Default Filter drop-down list.

4 Select a tag.

5 Click Save.

6 Sign out and sign back in to the Samsung SDS IAM & EMM user portal.

7 Confirm that the Apps page shows the expected filter in the Search drop down box.

Disabling device location tracking

The user portal shows the location of each of your Android and iOS devices on the device details page unless location tracking is disabled on the device.

If you enable device location tracking but the map does not appear on the user portal, check the device to ensure that device tracking is enabled.

By default, location tracking is enabled. If you do not see the option to disable device location tracking, it means your systems administrator has made location tracking mandatory.


To disable device location tracking:

1 From the drop-down menu, select Settings.

2 Click Do not track my device locations to set the check box.

3 Click Save.

4 Refresh the Devices page to remove the map.

Reloading your rights

You use the Reload menu option to ensure that you have your current Samsung service permissions and your most current Samsung service mobile device policy profiles.

If the administrator has notified you that a new permission has been added or that you have new mobile device policies, click Reload to get the updates.

Note: To make sure that the Samsung SDS IAM & EMM user portal lists all of the web applications assigned to you, click the browser refresh button.

Switching to Admin Portal

If you have Samsung SDS IAM & EMM administrator privileges, you can switch to your Admin Portal account by using the Switch to Admin Portal option in the drop-down menu.

Similarly, you can return to the Samsung SDS IAM & EMM user portal from Admin Portal using the Switch to User Portal option in the same drop-down menu.


Logging in to the user portal from your device

Generally, you should use the Samsung SDS IAM & EMM application to log in to the Samsung service from your device. However, there may be occasions when you want to log in to the user portal from your device rather than use the Samsung SDS IAM & EMM application. To log in, you open your device native browser and enter the following URL: https://cloud.samsungemm.com/my

After you are logged in, you can use the portal in the same way as you do from your computer browser. There are a few constraints:

You must use the device native browser.

Some applications cannot be opened. For example, you cannot open applications that require the browser extension. See “Launching applications” on page 12 for the details.

There may be a policy that prevents you from logging in.


Why you cannot log in some times

Your IT administrator can set a policy that prevents you from logging in to the user portal based on your location. For example, the policy can be set so that you can log in to the user portal when your computer is on your organization’s intranet. However, when you are outside the intranet (for example, at a coffee shop) you cannot.

If you find that there are times you cannot log in, it may be based on this policy. Contact your IT administrator for more information.


Chapter 2

Using Apps

The Apps page shows the web applications your system administrator has assigned to you and those you have added yourself (if you have the relevant permissions). Clicking the application icon opens it in your default browser.

Here is a sample Apps page populated with several web applications:

If this page is blank, your system administrator has not deployed any web applications to you.

Additional relevant topics:

“Launching applications” on page 12

Launching sessions on target resources

“Updating your user identity for an application” on page 18

“Organizing your applications” on page 19

“Adding web applications to the Apps page” on page 20

“Requesting access to an application” on page 25

“Removing web applications” on page 27


Launching applications

To launch an application, click the icon.

If the application requires you to enter your user name and password to sign in, the Samsung service prompts you to enter the user name and password the first time you open the application and stores your credentials. These credentials may differ from the user name and password you use to log in to the user portal. The next time you sign in to the application—either from the Samsung SDS IAM & EMM user portal or a device—the Samsung service automatically authenticates you.

Applications can have any of the following symbols to indicate restrictions or statuses:

Key: Indicates that the application is tagged as a gateway application but you are not logged in from inside your corporate firewall.

Blocked: Indicates that you cannot open the application.

Your IT administrator configures applications to control when you can access them. For example, an application can be configured so that you can open it after you log in to the user portal from your office computer. However, the same application can be blocked when you log in to the user portal from outside the office.

Jigsaw puzzle piece: Indicates that the application requires you to install an extension (Samsung SDS IAM & EMM Browser Extension) in your browser to log in. The extension provides single sign-on to applications.

You only need to install the browser extension one time for access to other applications with this same requirement. See “Installing the browser extension” on page 15 for the details. After you install the extension, the symbol is removed from all of the applications.

You install the extension separately on each computer. For example, if you use Firefox from a desktop computer and Firefox on a laptop, you need to install the extension in each browser.

You do not need to install the browser extension on your device’s browser.


Shared: Indicates that you do not need to enter any login credentials to access the application. Your system administrator has configured the application so that all users use the same login credentials, so the Samsung service automatically logs you in using those credentials.

New: Indicates that this application has been newly deployed by your system administrator. After you launch the application or access Application Settings, the “new” designation is automatically removed.


Launching sessions on target resources

If you have been assigned a role with Portal Login rights, you might be able to log on to selected resources using a stored account and password directly from the User Portal. If you see an account and resource combination displayed as an application tile (similar to the image below) in the User Portal on the Apps tab, you can click the application tile to log on to the resource through a secure shell or remote desktop session without having the account password or access to the Privilege Manager portal.


Installing the browser extension

Applications with the jigsaw puzzle symbol require you to add the Samsung SDS IAM & EMM Browser Extension to your browser before you can open the application.

You have two options for installing the browser extension:

Click here in the banner.

Click any application icon that has the jigsaw puzzle symbol.

You only need to add this browser extension one time. After you do, the jigsaw puzzle symbol is removed from all of the application icons.

The procedure you use depends upon your browser:

“Installing the browser extension in Internet Explorer” on page 15

“Installing the browser extension in Chrome” on page 16

“Installing the browser extension in Safari” on page 16

“Installing the browser extension in Firefox” on page 17

Installing the browser extension in Internet Explorer

To perform this procedure, have the user portal open in the browser.

To install the Samsung SDS IAM & EMM Browser Extension in Internet Explorer from the user portal:

1 Log in to the user portal and navigate to the Apps page.

2 Click “here” in the banner to initiate the download and installation of the browser extension.

3 Click Run in the pop up window.

4 Click Next in the Samsung SDS IAM & EMM Browser Extension Setup Wizard to proceed.

Continue responding to the prompts.

5 Click Close to exit the wizard.

6 Close the browser tab used by the wizard.

7 Click the Tools menu in the Internet Explorer’s tool bar.

8 Click Manage add-ons.

9 In the pop-up window, click the Samsung SDS IAM & EMM Browser Extension and click the Enable button.


10 Click Close.

11 Restart Internet Explorer.

You can now open all applications that require the browser extension.

Installing the browser extension in Chrome

To perform this procedure, have the user portal open in the browser.

To install the Samsung SDS IAM & EMM Browser Extension in Chrome from the user portal:

1 Click the Apps page.

2 Click “here” in the banner to initiate the download and installation of the browser extension.

3 The browser opens a new tab to download and install the browser extension.

4 Click Continue in response to the prompt “Are you sure you want to continue?” at the bottom of the window.

The browser downloads the extension for Chrome.

5 Click Add.

This installs the extension in Chrome.

6 Close the tab used to download and install the extension.

You are returned to the user portal Apps screen. You can now open all applications that require the browser extension.

Note: You may have to restart the browser.

Installing the browser extension in Safari

To perform this procedure, have the user portal open in the browser.

To install the Samsung SDS IAM & EMM Browser Extension in Safari from the user portal:

1 Click the Apps page.

2 Click “here” in the banner to initiate the download and installation of the browser extension.

3 Click the Downloads icon in the location bar (or open the Downloads folder) and double-click the Samsung SDS IAM & EMM Browser Extension Safari extension (safariextz) file.

4 Click Install.

5 Restart Safari.


The browser extension is installed.

Installing the browser extension in Firefox

You install the browser extension in a Firefox browser for two purposes:

To open applications that have the jigsaw puzzle piece symbol in the icon.

Perform the following procedure to enable the Firefox browser to run the applications with the jigsaw puzzle piece.

To use the App Capture utility in Samsung SDS IAM & EMM Infinite Apps to add web applications to your user portal.

Note: Using App Capture is subject to a permission granted by your IT department. It lets you add applications that are not listed in the Samsung SDS IAM & EMM App Catalog. See “Using App Capture” on page 21 for the details.

If you do not use Firefox as your everyday browser, you can still use it just for adding applications. The applications you add using Firefox are also added to the Apps page on your everyday browser.

Before you begin the following procedure, open Firefox, enter the following URL

https://cloud.samsungemm.com/my

and log in to the user portal with your user name and password.

To install the Samsung SDS IAM & EMM Browser Extension in Firefox from the user portal:

1 Click the Apps page.

2 Click “here” in the banner to initiate the download and installation of the browser extension.

3 Click Allow in the Firefox pop up window.

Firefox downloads the extension.

4 Click Install Now.

5 Click Restart Now.

6 Restart your browser.

The browser extension is installed.

If you have permission to add applications, the drop-down menu includes the Capture item--see “Using App Capture” on page 21. If you do not have the relevant permission, the drop-down menu just contains “Signed in.”


Updating your user identity for an application

If you change your user name or password for an application that has already been deployed to the user portal, you must update it on the user portal to continue using single sign-on. If the Samsung SDS IAM & EMM client has been deployed to a device, then the update made on the user portal will synchronize with the device and vice versa.

To update your user identity for an application:

1 Open the Samsung SDS IAM & EMM user portal and click Apps.

2 Hover your cursor in the application’s box and click the gear when it appears.

The Samsung SDS IAM & EMM user portal displays a pop up window to configure that application.

3 Click User Identity.

4 Enter the user name and password for this application.

5 (Optional) If you want to copy your password, click the paper icon in the Password field. The copied password can now be pasted elsewhere.

You may not have this option if your system administrator has disabled it.

Important: You must have Adobe Flash installed and enabled to use this feature.

6 (Optional) If you want to see your password unencrypted, click the eye icon in the Password field.

You can now copy the password or proceed with the workflow.

You may not have this option if your system administrator has disabled it.

7 Click Save.

Organizing your applications

By default, the Apps screen lists all of your web applications. You can filter it to show just your most frequently used applications or groups of applications you have tagged. You use the icons to the left of the drop-down list to view all applications or applications by group, and the drop-down list to select the filter.

You can define the default set of applications that are displayed on the Samsung SDS IAM & EMM user portal—see “Setting your default Application Filter” on page 7.

Creating your own tags

You can create your own tags for organizing the applications. For example, you could create a tag “Online storage” to show just the applications you use to store files in the cloud (for example, Box and Egnyte) and another to show just the applications you use to make travel arrangements.

To create and assign a tag:

1 Click the settings icon (three vertical dots) associated with the application you want to configure.

2 Expand Tags.

The Add Tags text box contains tags you have already created for this application.

3 Use the drop down list to select an existing tag or create a new one.

An application can have multiple tags. If you want to apply another tag to the application, repeat this step.

4 Click Save.

Repeat this procedure for all of the applications you want to appear under the same tag. Tags that you create here override the default application grouping defined by your system administrator.

To delete a tag from an application:

1 Click the settings icon (three vertical dots) associated with the application you want to configure.

2 Expand Tags.

3 In the Add Tags text box, click the delete (X) button for the tag you want to delete.

4 Click Save.

If you delete all tags from an application, the application reverts to the default grouping defined by your system administrator.

Adding web applications to the Apps page

You may be able to add web applications to the user portal. Any applications you add are also displayed in the Samsung SDS IAM & EMM client and Samsung SDS IAM & EMM WebApps application.

Adding applications is subject to a permission granted by your IT department. If you have the permission to add applications, then clicking Add Apps will display the App catalog window with the Search and Recommended tabs.

There are two ways to add applications:

Click the Add App button on the Apps page. This lets you add applications from the Samsung SDS IAM & EMM App Catalog. See “Using Add Apps” on page 20.

Use the App Capture feature in the Samsung SDS IAM & EMM Browser Extension. Use this option only if you cannot find the application in the Samsung SDS IAM & EMM App Catalog. This option lets you capture and save the user name and password fields from the application login page. See “Using App Capture” on page 21.

The applications you add are displayed on the Apps page in the user portal and in the Samsung SDS IAM & EMM client or, for Knox Workspace devices enabled to have a Knox mode container, in Samsung SDS IAM & EMM WebApps on mobile devices.

Using Add Apps

The Add Apps button lets you add applications from the Samsung SDS IAM & EMM App Catalog. After you configure the selected application, the Samsung service provides silent authentication every time you log in.

To add a web application:

1 Open the Samsung SDS IAM & EMM user portal and select Apps.

2 Click Add Apps.

The user portal opens the App Catalog window. The left pane has two tabs:

Search: Use this tab to display the applications in the Samsung SDS IAM & EMM App Catalog by category or search for a specific application. If you do not find the application using either method, use App Capture to add it—see “Using App Capture” on page 21.

Recommended: Applications assigned to you by your IT department that are optional.

3 Click the Add button associated with the application you want to add then click Yes in the pop up window to confirm your selection.

Note You can select multiple applications before you close the App Catalog window. If you do, you are returned to the Apps page and must click each application individually to enter your credentials for each application. Go to “Updating your user identity for an application” on page 18 to complete the procedure for each application.

4 Click Close.

5 Enter your credentials for this application.

These credentials may be different than the user name and password you use to log in to the user portal.

6 Click Save to complete the application configuration.

The application is now listed on your Apps page.

Using App Capture

App Capture is a feature of Samsung SDS IAM & EMM Infinite Apps that is embedded in the Samsung SDS IAM & EMM Browser Extension. It allows you to add web applications that are not in the Samsung SDS IAM & EMM App Catalog. The App Capture utility identifies the user name and password fields on the application’s login page. When these fields are identified on the web page and you have signed in using your user name and password, the user portal transparently logs you in every time you open the application.

To use App Capture, you need to install the browser extension in a Firefox browser. See “Installing the browser extension in Firefox” on page 17 for the details. App Capture is only supported in Firefox.

You can only add applications that require a user name and password. You cannot add applications that require a third field for authentication, for example an account or company ID.

Adding an application with App Capture

App Capture is designed to find the login user name and password fields in the website’s login page automatically. When it finds them, it highlights the fields.

However, for some applications App Capture cannot identify these fields on the website’s login page. In this case, you must manually designate the user name and password fields on the page.

The first time that you launch the newly added application, you are prompted to enter the user name and password you use to log in to this application. This user name and password may be different from the credentials you enter to log in to the user portal. Thereafter, single sign-on is in effect and the Samsung service transparently logs you in every time you open the application.

To add an application by using App Capture:

1 Open a browser window. If the Samsung SDS IAM & EMM Browser Extension icon in the tool bar is dimmed, click the drop-down menu and click Sign In. The Samsung SDS IAM & EMM user portal login window opens in a new tab. Enter your Samsung service credentials. You only have to sign in once. After that you are automatically logged in when you open the user portal.

If the icon is not dimmed, you are already logged in.

Note If the icon is not dimmed and the drop-down menu contains “Signed In” only, you do not have the permission required to add applications.

2 Open another browser window and go to the sign-in page for the application that you want to add.

3 Select the browser extension icon in the tool bar and select Capture from the drop-down menu.

App Capture highlights the user name and password fields as shown in the following picture, if it can.

4 If App Capture is unable to find the required fields, click Set Manually to manually select the fields. See “Manually adding an application by using App Capture” on page 23 for detailed steps.

Note By default, App Capture enables the Enter key for sending login information, not the submit button. For example, after entering the user name and password, the user presses the Enter key on the keyboard rather than clicking the Submit button (‘Sign me in’ in the Skype example). Capturing the Enter key is easier and more reliable than trying to capture the submit button, so it is recommended that you finish the automatic process without enabling the submit button.

5 Click Next.

You can update the default information for the application name, description and icon.

6 Click Finish.

7 Choose to add the application to the user portal or the Admin Portal (only available if you are in a role that has the Application Management right). Adding the application to Admin Portal allows you to assign it to other users.

8 Click Submit to add the application to the selected portal, and click Close when the confirmation message appears.

Manually adding an application by using App Capture

If you opened the application and App Capture did not find the user name/password fields or if you want to specify the Submit button rather than use the Enter key, use the following procedure.

To set fields manually while adding an application:

1 Open a browser window, select the browser extension icon in the tool bar, and click Sign In from the menu.

The Samsung SDS IAM & EMM user portal login window opens in a new tab.

2 Enter your user name and password to log in.

3 Open another browser window and go to the sign-in page for the application that you want to add.

4 Click the browser extension icon and click Capture from the drop-down menu.

When App Capture is unable to highlight the user name, password, and submit fields, it asks you to set the information manually.

5 Click Set Manually.

6 Click the field to use as the Username field.

For example, click the Skype Name field for Skype:

App Capture tags Skype Name as the Username field and prompts you to select the Password field.

7 Click the field to use as the Password field.

App Capture tags the selected field as the Password field and prompts you to select the Sign in action.

8 Select one of the following options:

Use keyboard Enter key event (Recommended): When you select this option, users will be able to sign in to the application by pressing the Enter key. Capturing the Enter key is more reliable than trying to capture the sign-in button, so it is recommended to use this option. Click Next to continue with App Capture.

Right-click the Sign in button on the Web page to capture it: This option allows users to sign in to the application by clicking the sign-in button. After you select this option, you must right-click the sign-in button on the Web page to capture it. In general, you do not need to use this option but can use the first option. However, after you capture and deploy an application, if users are unable to send login information by pressing Enter on the application’s login page, you can recapture the application and select this option to correct the problem.

After right-clicking the button, click Next to continue with App Capture.

9 (Optional) You can update the default information for the application name, description and icon.

10 Click Finish.

11 Choose to add the application to the user portal or the Admin Portal.

The Admin Portal option is only available if you are in a role that has the Application Management right. Adding the application to Admin Portal allows you to assign it to other users.

12 Click Submit to add the application to the selected portal, and click Close when the confirmation message appears.

The application is ready to use.

Requesting access to an application

Any user who has an account in the Samsung SDS IAM & EMM User Suite can request access to applications that the administrator has configured with a “request and approval” work flow. No special privileges are required to make requests or approve requests.

To request access to an application:

1 Log on to the Samsung SDS IAM & EMM user portal.

2 Click the Apps tab, if needed.

3 Click Add Apps.

4 Type a search string to find the application of interest in the catalog, then click Request.

Only applications that have a “request and approval” work flow configured display a Request button.

5 Type the business reason for requesting access to the application, then click Yes to continue.

6 Click Close to close the App Catalog.

An email notification of your request is sent directly to the designated approver and a Requests tab will be visible the next time you go to the user portal. You can click the Requests tab to see the status of your request. You will also receive an email notification when your request is approved or rejected. If your request was approved, the email will include a link to open the user portal.

Viewing request status and history

You will only see the Requests tab if you have made a request or approved a request. After you have made or responded to at least one request, you can click the Requests tab to view the status of requests and the history of request activity. Depending on your role, you might click the Requests tab from Admin Portal or the user portal to see the status of your own pending requests, the requests awaiting your approval, or the results of request activity.

Regardless of the entry point for viewing the Requests tab, the list of requests includes the following information:

Description provides a brief summary of the request indicating the type of access or application requested.

Status displays the current status of the request as Pending, Approved, Rejected, or Failed.

You can review the request details to see the reason the request failed. For example, a request might fail if the email address for the approver or requester is invalid. A failed request might also indicate that the time allowed for taking the requested action has expired. For example, assume the request was for permission to use the root account to log on to a resource and the request was approved with a duration of 60 minutes. If the requester did not log on within 60 minutes of the request approval, the request status will display Failed.

Posted displays the date and time of the most recent activity for each request.

Approver displays the user or role designated for approving access requests if the approval is pending or the specific user who approved or rejected the request if the request has been resolved.

Requester displays the user who submitted the request.

Latest Log Entry displays the most recent information recorded for the request.

Viewing request details

You will only see the Requests tab if you have made a request or approved a request. After you have made or responded to at least one request, you can click the Requests tab to view the status of requests and the history of request activity. Depending on your role, you might click the Requests tab from Admin Portal or the user portal to see the status of your own pending requests, the requests awaiting your approval, or the results of request activity. You can then select any request displayed on the Request tab to see request details.

If you are an approver, you can also go directly to Request Details by clicking the link in the email notifying you of the request.

Regardless of the entry point for viewing request details, the request information table displays details appropriate for the current state of the request. For example, you might see the following information:

Posted displays the date and time of the most recent activity for each request.

Description provides a brief summary of the request indicating the type of access or application requested.

Requester displays the user who submitted the request.

Requesters Reason displays the business reason provided by the user who submitted the request.

Approver displays the user or role designated for approving access requests if the approval is pending or the specific user who approved or rejected the request if the request has been resolved.

Status displays the current status of the request as Pending, Approved, Rejected, or Failed.

Depending on the status of the request, you might see the reason the request was rejected or the reason why the request failed.

Removing web applications

You can remove any web applications you added, either from the Samsung SDS IAM & EMM App Catalog or from App Capture. You cannot remove applications that were assigned to you by your IT department.

To remove web applications:

1 Open the Samsung SDS IAM & EMM user portal and select Apps.

2 Click the Settings icon (three vertical dots) associated with the application you want to remove.

The application configuration window displays.

3 Click Remove Application.

If you do not see “Remove Application,” the application was deployed by your IT department and you cannot remove it.

4 Click Yes to finish.

Chapter 3

Using Devices

The Devices page lists all the devices you have enrolled in the Samsung service and lets you send commands to the devices.

Device related tasks that you can perform on the Samsung SDS IAM & EMM user portal are:

“Adding a device” on page 29

“Viewing your device information” on page 33

“Sending commands to devices” on page 35

“Issuing derived credentials to your devices” on page 38

The Devices page is blank until you enroll a device.

Not all companies use the Samsung service for device enrollment. Contact your IT department to determine whether or not you should enroll your mobile devices.

Adding a device

You add a device by installing the Samsung SDS IAM & EMM client on the device and then using this application to enroll the device in the Samsung service. After you enroll the device, it is listed on the user portal Devices page and remains enrolled until you or your IT administrator unenrolls it.

Keep the following in mind:

You may have a limit on the number and types of devices you can add. Your IT administrator can set a policy that, for example, limits you to adding 2 devices only and does not allow you to add an iOS device. Contact your IT administrator for the details.

If you have added/enrolled more than one device and want notifications sent to all the devices, your IT administrator must configure this option.

If you are enrolling an iOS device that was assigned to the Apple Device Enrollment Program, go to “Using Apple device enrollment” on page 32 to install the Samsung SDS IAM & EMM client.

Installing the Samsung SDS IAM & EMM client

The easiest way to install the Samsung SDS IAM & EMM client to your device is to click Add Devices on the Devices page and then select a method.

You can install the Samsung SDS IAM & EMM client using the following methods:

Send an SMS text message to the device. The text message contains a link you tap to proceed—see “Using a text message” on page 30.

Send an email to the device. The email message contains a link you tap to proceed—see “Using an email message” on page 30.

Use the camera on your device and a QR code reader application—see “Using the QR code” on page 31 for the details.

The Google Play and App Store links are provided if you want to review the application description in the catalog before installing it on the device. You can also use them to download the application. You must have a Google Play or Apple App Store account to use these options.

We support the following versions:

iOS version 8.0 or later

Android 4.0 or later

Apple computers running OS X 10.8 or later

Notes

If you have a Samsung Knox device that has the Universal MDM Client (UMC), you use a different procedure to install the Samsung SDS IAM & EMM client and enroll the device—see “Enrolling a Samsung Knox device with the Universal MDM Client” on page 49.

Using a text message

You can send a text message to the device to download the Samsung SDS IAM & EMM client to your device and then install it from the Downloads folder.

To initiate device enrollment using a text message:

1 Open the user portal, click Devices, and Add Devices.

This opens the Add Devices pop up window.

2 In the Send SMS area, confirm the phone number then click Send.

The text message is sent.

3 On the device, open the text message.

4 Tap the link in the message.

5 Authorize application download.

On an Android device, tap OK to allow download of the file. This downloads the application file to your Downloads folder.

On an iOS device, tap Open to open the application page in the Apple App Store and tap Install. This downloads and installs the application on your home screen. Skip the next step and go to Enrolling an iOS device to complete enrollment.

6 Android devices only: Open the Downloads folder on the device and tap the Samsung SDS IAM & EMM client file just downloaded.

This initiates application installation. Go to “Enrolling an Android device” on page 48 to complete enrollment.

Using an email message

You can send an email to the device to download the Samsung SDS IAM & EMM client to your device and then install it from the Downloads folder.

To initiate device enrollment using an email message:

1 Open the user portal, click Devices, and Add Devices.

This opens the Add Devices pop up window.

2 In the Send email to devices area, confirm the email address then click Send.

The email is sent.

3 On the device, open the email application.

4 Tap the message.

5 Authorize application download.

On an Android device, tap OK to allow download of the file. This downloads the application file to your Downloads folder.

On an iOS device, tap Open to open the application page in the Apple App Store and tap Install. This downloads and installs the application on your home screen. Skip the next step and go to Enrolling an iOS device to complete enrollment.

6 Android devices only: Open the Downloads folder on the device and tap the Samsung SDS IAM & EMM client file just downloaded.

This initiates application installation. Go to “Enrolling an Android device” on page 48 to complete enrollment.

Using the QR code

You must have a QR code reader application to download the Samsung SDS IAM & EMM client using the QR code.

Many devices come equipped with a QR code reader application. If your device does not have one by default, there are many free apps you can install from Google Play or the Apple App Store.

To install the Samsung SDS IAM & EMM client by using the QR code:

1 Open the user portal, click the Devices page, and click Add Devices.

2 On the device, use the camera to scan the QR code.

3 Authorize application download.

On an Android device, tap Go to Website and then tap OK to allow download of the file. This downloads the application file to your Downloads folder.

On an iOS device, tap Install. This downloads and installs the application on your home screen. Skip the next step and go to “Enrolling an iOS device” on page 79 to complete the enrollment phase.

4 Android devices only: Open the Downloads folder on the device and tap the Samsung SDS IAM & EMM client file just downloaded.

This initiates application installation. Go to “Enrolling an Android device” on page 48 to complete enrollment.

Using Apple device enrollment

The Apple Device Enrollment Program is a service provided by Apple. It is designed to help businesses and education institutions easily deploy and manage iPads and iPhones. It provides a fast, streamlined way to deploy company owned iPad and iPhone devices that your IT department purchased directly from Apple.

If you have a device assigned to the Apple Device Enrollment Program (DEP), enrolling the device is a two-part process:

First, you enroll the device in the Apple DEP program.

Second, you use the Samsung SDS IAM & EMM client to enroll the device in the Samsung service.

The first procedure depends upon how your IT department configured the device. However, it does have the following basic steps:

1 Set up the device communications.

The device will need to connect to the Apple server. Your IT department will provide the information you need.

2 Enter your login user name and password.

This may be the user name and password you use to log in to your network or another set of credentials. Your IT department will provide these to you too.

3 Perform the initial configuration tasks.

These vary depending upon your organization’s security policies and can include prompts, for example, to set up a passcode, enable or disable location tracking, or set up Siri.

After you have completed the initial configuration tasks, the Samsung SDS IAM & EMM client and the Company Apps applications are automatically installed on your home screen. To perform the second enrollment piece—enrolling the device in the Samsung service—see “Enrolling an iOS device and using the Samsung SDS IAM & EMM client” on page 78.

Viewing your device information

When you open the Devices tab, the screen lists all of the devices that you have enrolled in the Samsung service, including devices that have been unenrolled.

A device can have the following statuses:

Enrolled: The device is enrolled and in communication with the Samsung service.

Unenrolled: The device was enrolled at one time but has since been unenrolled from the Samsung service.

Unreachable: The device has not communicated with the Samsung service for a period of time. That period of time is set by your IT administrator.

Enrolling: The device is in the process of enrolling with the Samsung service. This is typically a short-term state.

The map shows the location of all the devices you have at one time enrolled. For unreachable devices, the map shows the last known location. Click on the device’s arrow to center the focus on that device.

The map device locations are only shown if your organization is using the Samsung service for mobile device management and you have enabled device tracking on the device and in the Samsung SDS IAM & EMM user portal.

By default, location tracking is enabled in the Samsung SDS IAM & EMM user portal. To configure location tracking, see “Disabling device location tracking” on page 7.

In the Samsung SDS IAM & EMM client on iOS devices, location tracking uses the significant-change location service which, unlike the GPS location tracking, is very battery friendly. It is not perpetually trying to determine the device location. Note that the Apple Location icon does not differentiate between the different types of location services.

Similarly, the Samsung SDS IAM & EMM client for Android is configured for low power consumption. Open Location in the device Settings to see the battery use for the Samsung SDS IAM & EMM client.

If the location does not seem correct, click the Find Now button to ensure that you have the most recent GPS location data. You may need to reload the browser page to display a location change.

Using the device details pages

Click a device to display device-specific information.

Click the Actions button to send a command to the device—see “Sending commands to devices” on page 35.

Device-specific information includes the following:

Overview: Last-updated location, current battery and storage levels, and network and OS details.

Details: The full details about the device, operating system, and carrier and network. The following information is specific to Windows 10 devices:

Antispyware Status -- Shows the status of the antispyware software installed on the device. If you have not installed any additional antispyware software, then we show the status of default Windows antispyware software.

Antivirus Status -- Shows the status of the antivirus software installed on the device. If you have not installed any additional antivirus software, then we show the status of default Windows antivirus software.

Device Location -- Shows the device on/off configuration for sharing its location.

Encryption compliance -- Shows if the device is encrypted or not.

Firewall Status -- Firewall monitoring is typically split into three zones (domain networks, guest or public networks, private networks). Statuses include:

• Monitoring: Firewall must be on for all three zones.

• Temporarily not completely monitoring: One or more zones are not being monitored.

• Disabled: Firewall monitoring is disabled.

Device Applications: Shows the applications that are targeted for this device, the application version, the installation type (automatic or optional), and the application statuses (Installed or Not Installed). You can export the information to CSV and Excel. This information is not available for unenrolled devices.

Location: A bigger map showing the device’s current location.

Device Activity: A log of the actions performed on the device.

Sending commands to devices

Sending commands to devices

The Samsung service provides self-service commands you can send to the device. Send commands by doing one of the following in the Samsung SDS IAM & EMM user portal:

Right-click the device in the Devices screen.

The Samsung SDS IAM & EMM user portal displays a drop-down list with the commands.

Open the device details page and click the Actions button.

The pop-up menu lists the commands available for this device.

The available commands depend upon the following:

Whether your organization is using the Samsung service for mobile device management.

The type of device you have enrolled.

The device policies that your IT administrator has enabled for you.

The following table lists all of the Samsung service commands for all devices. If the command is not displayed in the pop up menu, it is not available for that device.

Command: Purpose

Delete: Remove the device listing.

If you are using the Samsung service for device management, this command is available only for unreachable and unenrolled devices. When the device is enrolled, this command is not displayed.

Deleting a device does not remove the Samsung SDS IAM & EMM client or mobile applications that you installed using the Samsung SDS IAM & EMM client. If you try to open the Samsung SDS IAM & EMM client after deleting the device, it prompts you to enter your login credentials to enroll the device again.

Update Policies: Update your device with the latest mobile device policies.

Reset Password: Reset the passcode that opens the device. Use this command to create a new passcode if you have forgotten it.

Notes:

• The use of this command is controlled by your IT administrator. This command may not be available to you.

• This command cannot be used to override a remote lock.

Lock Screen: Lock the mobile device screen so a user cannot access it (for example, if you fear another person has your phone). Remote lock is identical to locking it manually on the device. You unlock the device by entering the passcode.

Wipe Device: Remove all user data and restore the device to its shipping default state.

Note: The use of this command is controlled by your IT administrator. This command may not be available to you.


Unenroll Device: Remove all mobile device policies from the device and change the state to Unenrolled. To use the Samsung service again, you must re-enroll the device.

Note: The use of this command is controlled by your IT administrator. This command may not be available to you.

Lock Client App: Locks the Samsung SDS IAM & EMM client on the device.

This command is only available on iOS and Android devices.

Reset Client App PIN: Resets the passcode for the Samsung SDS IAM & EMM client on the device. This command is useful when you forget your passcode.

This command is only available on iOS and Android devices.

Disable SSO: Disable single sign-on (SSO) for web applications listed in the Samsung SDS IAM & EMM client and, on Knox Workspace devices, in Samsung SDS IAM & EMM WebApps and the mobile applications that use the Samsung Knox SSO service.

You would use this command, for example, if your device is lost or stolen to prevent someone else from logging in to your applications.

After this command is sent, an error message is displayed on the device to indicate that single sign-on is not available. The user cannot log in to any application that requires authentication until single sign-on is enabled again.

Enable SSO: Enable single sign-on (SSO) for the web applications listed in the Samsung SDS IAM & EMM client and, for Knox Workspace devices, mobile applications that use the Samsung Knox SSO service.

By default, SSO is turned on. You would only need to use this command if you had previously used the Disable SSO command to turn off single sign-on.

Samsung Knox device commands

The following commands are only displayed if you are using a Samsung Knox device and the licenses are valid.

Command: Purpose

All Samsung Knox devices

Force Password change: Force a device password change. The first prompt requires you to enter your current password before creating a replacement. If you do not know your password, use the Reset Passcode command instead.

Device Lockout: Lock down the device.

This command lets you define a passcode that must be entered to unlock the device. In addition, the command lets you specify a lockout message that is displayed on the device.

Power off Device: Turn off the device.

Reboot Device: Force the device to reboot.

Reset Call Counts: Reset the call counts.

Reset Data Usage Count: Reset the count of cellular data network bytes received and sent.


Samsung Knox Workspace devices only

Remove container: Delete the container.

Note: All applications in the container are uninstalled and all data in the container are erased.

Lock Container: Lock the container. The container cannot be opened after receiving the Disable Container command until the device receives an Enable Container command.

Unlock Container: Unlock the container. A container locked with the Disable Container command cannot be opened until the device receives the Enable Container command.

Re-authenticate SSO: Prompt you to enter your credentials the next time you open a mobile application that uses the Samsung Knox container’s single sign-on feature (not all mobile applications installed in the container use this feature).

Reset Container Password: Prompt you to create a new password for the container.


Issuing derived credentials to your devices

Derived credentials allow secure mobile access to applications, websites and services that require smart card authentication. After your systems administrator has configured the necessary settings, you can issue the derived credential to your enrolled devices.

Note: If your organization is using a custom CA, skip the procedure below and see User tasks for custom CA.

Derived credentials are supported on:

iOS 8 and newer

Android 6.0 and newer

To issue the derived credential to your enrolled device:

1 Log in to the user portal.

2 Click Devices and select your device.

3 Click Actions > Provision Derived Credentials.

You can now access CAC protected applications on your mobile device using the derived credential.

After you issue the derived credential to your device, you can revoke or resend the credential. If your device does not receive the derived credential after 2 minutes, try resending the credential.

User tasks for custom CA

Your organization is using a custom Certificate Authority (CA) to generate the certificate for smart card authentication to your mobile device. To use a custom CA, each device owner/user must download the Certificate Signing Request (CSR), because each CSR is unique per device/user, and then upload the certificate that you get from your systems administrator.

To download the CSR:

1 Log in to the user portal.

2 Click Devices and select your device.

3 Click Actions > Provision Derived Credentials.

4 Click Download CSR.

You only see this option if your systems administrator configures the Custom CA option.


5 Send the CSR file to your systems administrator.

Your systems administrator will work with the CA to generate the certificate. When you get the certificate, use the following procedure to upload it.

To upload the certificate:

Perform this task after your systems administrator gives you the certificate.

1 Log in to the user portal.

2 Click Devices and select your device.

3 Click Actions > Provision Derived Credentials.

4 Click Upload Certificate.

5 Navigate to the certificate and upload it.

You can now access CAC protected applications on your mobile device using the derived credential.


Chapter 4

Using Activity

The Activity page lists the date and time of actions performed and commands sent to your devices by you and the system administrator. The actions include the following:

Logged in and logged out

Launched an application

Enrolled a device

Changed your password

Failed in an attempt to log in

See “Sending commands to devices” on page 35 for the description of the commands that can be sent to your devices.

You can sort the actions by date and time or detail. For example, click When to sort the items by date and time in alternating ascending or descending numeric order. Similarly, click Detail to sort by the action type in alternating ascending or descending alphabetic order.

To find a specific activity or set of activities, enter the keyword in the Search box. The user portal filters the list as you enter each character. To return to the full list, delete the search text.


Chapter 5

Using Account

The Account page displays your account information. There are two types of accounts: Samsung directory User and Active Directory User. The account type is shown right under your name.

The following topics are relevant to managing your account:

“Creating a security question and answer” on page 42

“Changing your network log in password” on page 43

“Modifying an Active Directory User account” on page 44

“Modifying a Samsung directory User account” on page 45

“Managing authentication keys” on page 46

From the Account page, you can change your password and modify some of your account information. The properties you can change are dependent on the type of account you have.


Creating a security question and answer

Some organizations require multifactor authentication when you log in to the user portal or an application from the user portal (see “Using multi factor authentication” on page 3 for the details). If your organization requires multifactor authentication and allows you to use a question and answer as an authentication method, you are prompted to create the question and answer when you log in to the user portal for the first time.

To set and change your security question and answer:

1 Log in to the user portal.

2 Click Account > Set in the Security Question area.

3 Enter the question and the answer.

The question can be multiple words.

The answer can be multiple words. It is case sensitive and the spaces you enter must be entered when you log in.

Note: Leading and trailing spaces are stripped off. Otherwise, you must enter the answer exactly as specified in the New Answer text box.

4 Click Save.


Changing your network log in password

If you have a Samsung directory User account, changing your password changes the password you use to open the user portal and to enroll devices. If you have an Active Directory User account, this also changes the password you use to log in to your company account when you start up your computer.

Your IT administrator controls whether or not you can change your password.

If you have an Active Directory User account, you may need to change other passwords as well. For example, if you log in to Outlook with the same account, you’ll need to change that login password to match. Confirm with your IT staff regarding other passwords you may need to change after you change your Active Directory User account password in the user portal.

To change your network log in password using Admin Portal:

1 Log in to the user portal.

2 Click Account > Security > Change in the Password area.

3 Enter your current password.

4 Enter the new password.

5 Reenter the new password to confirm.

6 Click Save.

You can also change the password using your enrolled device. For Android devices, see “Changing your Active Directory or user portal password” on page 50. For iOS devices, see “Changing your Active Directory or user portal password” on page 80.


Modifying an Active Directory User account

If you have an Active Directory User account, most of your account information is set by your IT administrator, and you cannot change it. However, there are some fields you can change in the Personal Profile page.

Note: You cannot change any of the information in the Organization page.

To change your Personal Profile data:

1 Open the user portal and click Account.

2 Click Edit on the Personal Profile page.

3 Enter your Active Directory account password and click Proceed.

4 You can change the following fields:

Office Number

Mobile Number

Be sure your mobile number is correct. If your organization uses multifactor authentication, this is the number used by the identity platform to contact you. If it is wrong, you will not be able to log in using the mobile device for authentication (other forms may be available—see “Using multi factor authentication” on page 3).

Website

Address

City, State, Zip, and Country.

5 Click Save.


Modifying a Samsung directory User account

If you have a Samsung directory User account, you can change many of the fields on the Personal Profile page.

Note: You cannot change any of the information in the Organization page.

To change Personal Profile information:

1 Log in to the user portal.

2 Click Account > Personal Profile.

3 Make your updates.

Be careful when you change your Email Address and Mobile Number. If your organization uses multifactor authentication, the email address or mobile number can be used to contact you. If the information is wrong, you may not be able to log in.

Note: You cannot change your login name and suffix.

4 Click Save.


Managing authentication keys

You can use the Samsung SDS IAM & EMM user portal to get the one time passcode (either by scanning an external source's QR code or entering the authentication key information manually). You then can use the passcode to log in to the relevant application or website.

Android devices: See “Using Samsung SDS IAM & EMM Identity Service as an authenticator” on page 54 for information on scanning QR code using your Android device.

iOS devices: See “Using Samsung SDS IAM & EMM Identity Service as an authenticator” on page 83 for information on scanning QR code using your iOS device.

To enter the authentication key information manually on your computer:

1 Log in to the Samsung SDS IAM & EMM user portal on your computer.

2 Click Account > Security > Add Accounts Manually.

3 Enter the information provided by the application or website.

4 Click Save.

The newly created passcode is available in the Passcodes window on your enrolled device.
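
The following is an added example, not code from this guide or from Samsung SDS, showing what an authentication key is and how a passcode is derived from it. It assumes the external source issues a standard time-based key (RFC 6238) and that its QR code encodes an otpauth:// key URI; the guide does not state the format, and the function names and the sample URI are hypothetical.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample key URI. The secret is the RFC 6238 test key
# ("12345678901234567890") in Base32; the service and account are made up.
SAMPLE_URI = (
    "otpauth://totp/Example%20Service:alice@example.com"
    "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example%20Service"
)

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def decode_key(text):
    """Decode a Base32 key as people type it: spaces, dashes, lowercase, no padding."""
    cleaned = text.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)  # raises ValueError on characters outside Base32


def parse_key_uri(uri):
    """Return the fields of an otpauth://totp key URI (assumed QR code content)."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not a TOTP key URI")
    query = parse_qs(parts.query)
    if "secret" not in query:
        raise ValueError("key URI has no secret")
    algorithm = query.get("algorithm", ["SHA1"])[0].upper()
    if algorithm not in HASHES:
        raise ValueError("unsupported algorithm: " + algorithm)
    return {
        "label": unquote(parts.path.lstrip("/")),
        "issuer": query.get("issuer", [""])[0],
        "key": decode_key(query["secret"][0]),
        "digits": int(query.get("digits", ["6"])[0]),
        "period": int(query.get("period", ["30"])[0]),
        "algorithm": algorithm,
    }


def totp(key, at_time, digits=6, period=30, algorithm="SHA1"):
    """Compute the passcode for the time step that contains at_time (Unix seconds)."""
    counter = int(at_time) // period
    mac = hmac.new(key, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(key, submitted, at_time, window=1, digits=6, period=30, algorithm="SHA1"):
    """Server-side check: accept codes from +/- window time steps to absorb clock drift."""
    matched = False
    for step in range(-window, window + 1):
        expected = totp(key, at_time + step * period, digits, period, algorithm)
        # Constant-time comparison; every step is checked so timing does not vary.
        matched |= hmac.compare_digest(expected.encode(), submitted.encode())
    return matched


if __name__ == "__main__":
    fields = parse_key_uri(SAMPLE_URI)
    now = time.time()
    code = totp(fields["key"], now, fields["digits"], fields["period"], fields["algorithm"])
    print(fields["label"], "->", code, "valid:", verify(fields["key"], code, now))
```

Anyone who obtains the key can generate valid passcodes, so the QR code and the manually entered key need the same protection as a password.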


Chapter 6

Enrolling an Android device and using the Samsung SDS IAM & EMM client

You enroll your device in the Samsung service using the Samsung SDS IAM & EMM client. If you have not installed the Samsung SDS IAM & EMM client, see Adding a device then return here to complete device enrollment.

If your organization uses the Samsung service for mobile device management, the Samsung service also deploys the mobile applications assigned to you and installs a set of mobile device policy profiles. The profiles set system preferences that configure communications with your corporate network and may impose some restrictions on your use of some device features.

The following topics are relevant to enrolling a device and using the Samsung SDS IAM & EMM client:

“Enrolling an Android device” on page 48

“Using the Samsung SDS IAM & EMM client” on page 50

“Unenrolling your device” on page 76

“Uninstalling the Samsung SDS IAM & EMM client” on page 77

If you have a Samsung Workspace device, see the following topics as well:

“Creating a Samsung Knox container” on page 60

“Using Samsung SDS IAM & EMM WebApps” on page 68

“Installing mobile applications on Samsung Workspace devices” on page 71

“Locking a Knox container” on page 74


Enrolling an Android device

If you have a Samsung Knox Workspace device that has the Samsung Universal MDM Client (UMC), see “Enrolling a Samsung Knox device with the Universal MDM Client” on page 49.

If you have any other type of device, including Samsung Knox devices that do not have the UMC, see “Enrolling Android devices” on page 48.

Enrolling Android devices

You use the Samsung SDS IAM & EMM client to enroll your device. If you have not yet installed the Samsung SDS IAM & EMM client on your device, go to “Adding a device” on page 29 for the instructions.

To enroll the device:

1 If the Samsung SDS IAM & EMM client is not already running, open Apps on the device and tap the icon.

2 Enter your user name and password.

Your IT administrator will provide you with the user name and password you should use.

The next step depends upon whether your organization is using the Samsung service or another product for mobile device management.

If your organization is using the Samsung service for mobile device management, continue with the remaining steps in this procedure to complete enrollment.

If your organization is using another service for mobile device management, enrollment is complete and the Samsung SDS IAM & EMM client opens to your Web Apps screen. Skip the remaining enrollment steps and proceed to “Using the Samsung SDS IAM & EMM client” on page 50.

3 Read through the text and tap Activate.

This launches the Samsung service enrolling process which registers your device in the Samsung service.

If you have a Samsung Workspace device, proceed to the next step.

If you have an Android device from another vendor, this completes device enrollment.

4 Read through the text, tap the acknowledgment check box, and then tap Confirm.

This completes the device enrollment and begins the mobile device policies installation. Mobile policy installation can take a minute or two to complete. At the end of the policy installation, the Samsung SDS IAM & EMM client opens to one of the following screens:


A list of web applications. This is the Web Apps screen. Go to “Using the Samsung SDS IAM & EMM client” on page 50 to learn about the Samsung SDS IAM & EMM client user interface.

A list of mobile applications. This is the Mobile Apps screen. Go to “Using the Samsung SDS IAM & EMM client” on page 50 to learn about the Samsung SDS IAM & EMM client user interface.

A second “Privacy Policy” screen. This screen is the first in a series of steps that creates a Samsung Knox container.

Read through the text, tap the acknowledgment check box, and then tap Confirm. Then, go to “Creating the Knox container” on page 61 to continue.

Enrolling a Samsung Knox device with the Universal MDM Client

The Samsung Universal MDM Client (UMC) simplifies enrolling a Samsung Knox device in the Samsung service. For example, the UMC automatically installs the Samsung SDS IAM & EMM client on the device for you prior to device enrollment.

To use the UMC client to install the Samsung SDS IAM & EMM client and enroll the device:

1 Open the UMC client.

This opens the New registration screen on the device.

2 Enter your user name and tap Confirm.

Your IT administrator will provide you with the user name you should use.

The next screen displays the policies and terms and conditions.

3 Tap agree to all terms and tap Confirm.

The remainder of the application installation and enrollment are performed automatically. When it completes, the screen opens to the Samsung SDS IAM & EMM client home page.

Continue with “Using the Samsung SDS IAM & EMM client” on page 50 to learn about the Samsung SDS IAM & EMM client user interface.


Using the Samsung SDS IAM & EMM client

You use the Samsung SDS IAM & EMM client for several purposes:

To open the web applications assigned to you by your IT department.

If your IT department requires a one time passcode to log in to the Samsung SDS IAM & EMM user portal, you use the Samsung SDS IAM & EMM client to generate the one-time passcode.

You can use a built-in browser, instead of your internet browser, to run the web applications assigned to you.

Securing your Samsung SDS IAM & EMM client

You can secure your Samsung SDS IAM & EMM client using a PIN, fingerprint, or Near Field Communication (NFC) tag. The fingerprint option is only supported on Samsung devices that have the fingerprint recognition functionality.

To secure your Samsung SDS IAM & EMM client:

1 Tap the Samsung SDS IAM & EMM client on your device.

2 Tap Settings > Security Options.

3 Enter a PIN as your primary access method.

4 (optional) Register your fingerprint or NFC tag as alternative access methods.

If fingerprint recognition is available on your device, then we direct you to the device fingerprint registration window.

If you have an NFC tag, then enter your PIN to register the tag. You can register a maximum of 5 tags.

5 Tap the App Lock Settings option on the Settings page and enable the feature using the Lock On Exit field.

The setting defined by your system administrator overrides your setting here.

6 (optional) Tap Auto-Lock and configure how long you want the Samsung SDS IAM & EMM client to be inactive before it automatically locks up.

You will now be prompted to use one of the configured methods (PIN, fingerprint, or NFC tag) to access the Samsung SDS IAM & EMM client.

Changing your Active Directory or user portal password

If you have a Samsung directory User account, changing your password changes the password you use to open the user portal and to enroll devices. If you have an Active Directory User account, this also changes the password you use to log in to your company account when you start up your computer.

Your IT administrator controls whether or not you can change your password.

If you have an Active Directory User account, you may need to change other passwords as well. For example, if you log in to Outlook with the same account, you’ll need to change that login password to match. Confirm with your IT staff regarding other passwords you may need to change after you change your Active Directory User account password in the user portal.

To change your account password on your device:

1 Tap the Samsung SDS IAM & EMM client on your device.

2 Tap Settings > Change Password.

3 Enter your current and new passwords.

4 Tap Save.

Using the Web Apps screen

The Web Apps screen shows the web applications deployed to you and those you have added from the Samsung SDS IAM & EMM user portal or App Capture (see “Adding web applications to the Apps page” on page 20). The Web Apps option is not available for Samsung Knox Workspace devices that are enabled to have a Knox container because you launch web applications from the Samsung SDS IAM & EMM WebApps application. See “Using Samsung SDS IAM & EMM WebApps” on page 68.

The following table shows symbols that you may see associated with some applications:

Symbol: What it means

Application settings. Allows you access to settings, such as user name and password.

Blocked by policy. You cannot open this application from your device.

For example, an application can be configured so that you can open it from your office computer but not on your phone when you are outside the corporate WiFi network.

Blocked by the browser. You cannot open this application because it is not supported on the device’s web browser.

Indicates that you do not need to enter any log in credentials to access the application. Your system administrator has configured for all users to use the same log in credentials, so the identity platform automatically logs you in using those credentials.

Indicates that this application has been newly deployed by your system administrator. After you launch the application or access Application Settings, this symbol is automatically removed. The same actions performed on the user portal will also remove the symbol and vice versa.

The Samsung SDS IAM & EMM client updates the Web Apps screen every time you open the program. If you have signed in to an application from the Samsung service previously, then you are signed in automatically. Otherwise, you are prompted to enter your user name and password. Be sure to enter the user name and password for that application—your credentials for the application may be different from your Samsung service credentials.

The Samsung service provides single sign-on by default. You can turn off single sign-on—see “Sending commands to devices” on page 35 for the details.

Updating or viewing your user identity for an application

If you change your user name or password for an application that has already been deployed to the user portal, you must update it in the Samsung SDS IAM & EMM client to continue using single sign-on. Additionally, you can also view and copy the encrypted application password before you log in (if your system administrator has not disabled this capability). You must have App Lock configured to view and copy the password. See “Using App Lock” on page 56.

If you have multiple devices, you only need to provide the credentials on one device.

To define or view your user identity of an application:

1 Open the Samsung SDS IAM & EMM client and tap Web Apps.

2 On the Web Apps screen, tap the application settings icon (three vertical dots) associated with the relevant application and select App Settings.

3 Enter the user name and password you use to sign in to this application.

4 (If enabled) Click the eyeball icon to view and copy the encrypted application password.

5 Click Save.

Adding applications to the home screen

You can create a short-cut to an application by adding it to the home screen. If you have configured application lock for the Samsung SDS IAM & EMM client, then you will need to provide the PIN or swipe your fingerprint to access the application.


To add the application to the home screen:

1 Open the Samsung SDS IAM & EMM client and tap Web Apps.

2 Tap the application settings icon (three vertical dots) associated with the relevant application and select Add to Home Screen.

The application is added to the device’s home screen.

Note: If you unenroll the device, un-assign the application to the role/user, or delete the Samsung SDS IAM & EMM client from the device, then the short-cut will be deleted from the home screen automatically.

Filtering applications

By default, the Apps screen lists all of your web applications. You can filter it to show just your frequently used applications, recently used applications, or groups of applications you have tagged. You use the drop-down list to select the filter.

Note: You must create the tags and assign them to applications using the user portal. See “Creating your own tags” on page 19.

Using the Mobile Apps screen

You use the Mobile Apps screen to open the native Android applications that have been deployed to you. This screen can have either or both of the following headings:

Recommended: Applications you should install on the device.

Optional: Applications you can install if you want.

On many Samsung Workspace devices, the applications listed under Recommended are installed automatically.

To install a native Android application:

1 Open the Samsung SDS IAM & EMM client and tap Mobile Apps.

This screen shows the mobile applications deployed to you by your IT department.

2 Tap Install and follow the on-screen instructions.

To open a native Android application deployed to you:

1 Open the Samsung SDS IAM & EMM client and tap Mobile Apps.

This screen shows the mobile applications available to you. You can only open the “Installed” applications.

2 Tap the application icon.

3 Tap Open.

Chapter 6 • Enrolling an Android device and using the Samsung SDS IAM & EMM client 53


Using the Policies screen

The Policies screen shows the device policies that have been installed by your IT administrator and any outstanding items you need to complete to configure the device for use in the Samsung service.

Using Samsung SDS IAM & EMM Identity Service as an authenticator

You can use the Samsung SDS IAM & EMM user portal to get a one-time passcode, either by scanning an external source's QR code or by entering the authentication key information manually. You can then use the passcode to log in to the relevant application or website.

To scan a QR code, you must use the Samsung SDS IAM & EMM user portal application on an enrolled mobile device.

To scan a QR code:

1 Log in to the Samsung SDS IAM & EMM application on your mobile device.

2 Tap Passcodes.

The Authentication window shows any existing passcodes.

3 Tap the plus icon (+) then tap Scan QR Code.

4 Scan the external source's QR code.

The Passcodes window shows the newly generated passcode. The newly added authentication account is also added to the Passcodes page in the Accounts section of the user portal.

To enter the authentication key information manually, you can use the Samsung SDS IAM & EMM user portal on your mobile device or computer. See “Managing authentication keys” on page 46 for information on entering the authentication key information manually using your computer.

To enter the authentication key information manually on your mobile device:

1 Log in to the Samsung SDS IAM & EMM application on your mobile device.

2 Tap Passcodes.

The Passcodes window shows any existing passcodes.

3 Tap the plus icon (+) then tap Enter Authentication Key.

4 Enter the information provided by the application or website.

5 Tap Save.


The Passcodes window shows the newly generated passcode. The newly added authentication account is also added to the Passcodes page in the Accounts section of the user portal.

Using the Settings screen

The Settings screen contains device configuration information such as default browser settings, authentication settings, and other useful information.

Login Settings

Contains the Samsung directory service URL.

Do not change this setting unless specifically instructed to by your IT department. If the URL is wrong, you cannot use the Samsung service.

Applications

Lets you show/hide applications that are not supported on mobile device browsers.

When you tap an application that cannot be run, the Samsung SDS IAM & EMM client displays an error message and gives you the option to hide it and all other applications that are not supported. Tap Hide All to remove these applications from the screen.

To display the hidden applications, open the Settings tab in the Samsung SDS IAM & EMM client and configure the Show All Applications option.

Note: The “Show All Applications” option is not available on Samsung Knox Workspace devices.

Authentication

Lets you configure the following:

Mobile authenticator—see “Using multi factor authentication” on page 3.

Application lock settings

Allows you to configure lock options for the Samsung SDS IAM & EMM client on your device. Configurations made by the system administrator override your user configuration.

See “Securing your Samsung SDS IAM & EMM client” on page 50.

Change Password

Allows you to change your Active Directory or Samsung directory account password. See “Changing your Active Directory or user portal password” on page 50.

Browser Settings

You use this option to set your default browser and clear browsing data.

Tap Default Browser to select the default browser for your device.

Tap Clear Browsing Data to delete your cache and other browsing data from the built-in browser.

Debug Information

Enables activity logging, lets you send the log file to an email address, and provides GCM and MDM diagnostic information.

Do not change the Enable Debug Logging setting—this value is set by your IT department.

Profile Management

Lets you unenroll the device. See “Unenrolling your device” on page 76 for the details.

Terms

Displays the terms of use.

Using App Lock

This icon locks the Samsung SDS IAM & EMM client. If you do not have a PIN configured, then you are prompted to create one. You can also use your fingerprint for authentication if your device supports fingerprinting.

Configurations made by the system administrator override your user configuration.

See “Securing your Samsung SDS IAM & EMM client” on page 50 for configuration information.

Pending notifications

Notifications to which you have not responded can be accessed via the bell icon. The number associated with the icon shows the number of pending notifications.


Tapping the icon displays the notifications. Expired notifications (such as MFA notifications where the default response time is 10 minutes) are grayed out and you cannot take action on them.

Accessing shortcuts

You can access the following shortcuts by long-pressing the Samsung SDS IAM & EMM application icon:

Multi-factor access (MFA) options

Top two frequently used applications

Pending notifications


Important: This feature is only supported on Android 7.1 and newer.


About kiosk mode

Devices can be configured by your IT administrator to run in kiosk mode. When a device is configured for kiosk mode, it opens to the Samsung SDS IAM & EMM client when you turn it on, and the client is the only application you can run on the device. You can launch the web and mobile applications assigned to you; however, there are some constraints:

There is no Authentication screen in the menu.

You can run web applications in the built-in browser only.

The Settings page does not offer some options.


Creating a Samsung Knox container

Samsung Knox Workspace devices allow you to create a password-protected workspace called the Knox container. When you open the container, it has its own home screen, launcher, browser, applications, and widgets. The applications shown in the container are separate from the applications displayed on your home screen.

This section contains the following topics:

“Using Knox containers with the Samsung service” on page 60

“Enabling Samsung Knox Workspace mode” on page 61

“Creating the Knox container” on page 61

“Configuring a Junos Pulse VPN app” on page 63

Using Knox containers with the Samsung service

After you create a Knox container, you open the web applications assigned to you by using the Samsung SDS IAM & EMM WebApps application. (The Samsung SDS IAM & EMM client does not have a Web Apps screen when your device is enabled to have a Knox container.) Samsung SDS IAM & EMM WebApps is installed automatically when you use the Samsung SDS IAM & EMM client to create the Knox container.

Note: If you un-enroll the device, the Knox container is deleted. There is no way to recover any information stored in the container.

Some Knox Workspace devices let you create two types of containers:

Enterprise container: You use the Samsung SDS IAM & EMM client to create this type of Knox container. The procedures that follow describe how to create an enterprise container by using the Samsung SDS IAM & EMM client only.

Personal container: You tap an icon on the device’s home screen to create this type of Knox container. See your device documentation for the instructions.

You can have either a personal or enterprise container—you cannot have both. If you create a personal container first, it is removed and all information within the container deleted when you create an enterprise container. If you create an enterprise container first, you cannot create a personal container.

If you are using the Samsung service for mobile device management, you create the Knox container by using the Samsung SDS IAM & EMM client. You should create the Knox container soon after you enroll the device in the Samsung service.

Creating a Knox container is a two-part process:

First, you enable Samsung Knox Workspace mode.

Second, you create the Knox container.

If you are not using the Samsung service for mobile device management, contact your IT department to get the following instructions:


Creating the Knox container.

Installing the Samsung SDS IAM & EMM WebApps application in the container.

After you have installed Samsung SDS IAM & EMM WebApps, go to “Using Knox containers” on page 65.

Enabling Samsung Knox Workspace mode

Before you can create a Knox container, you must confirm that you have a license to do so. This procedure displays the license terms and then confirms that your organization has a valid license.

To activate the container license:

1 Open the Samsung SDS IAM & EMM client and tap Policies.

2 Under SETUP REQUIRED, tap Enable Samsung Knox Workspace Mode.

If you do not see either SETUP REQUIRED or Enable Samsung Knox Workspace Mode, contact your IT administrator.

3 Read through the privacy policy, tap the acknowledgment check box, and then tap Confirm.

Creating the Knox container

Some devices are configured by your IT administrator to create the Knox container after you enroll the device. If a second Privacy Policy screen was displayed when you enrolled the device, proceed to “To create a Knox enterprise container on Knox version 2 devices:” on page 62 to complete enrollment and Knox container creation.

After you enable Samsung Knox Workspace mode, the Samsung SDS IAM & EMM client displays Create Knox container under SETUP REQUIRED on the Policies screen. If you do not see this option, contact your IT department.

The procedure you use to create the container depends upon the version of the Knox software in your device. The following procedure shows you how to determine the Knox version on your device.

To determine the Knox version in your device:

1 Open the Samsung SDS IAM & EMM user portal in your browser and click the Devices tab.

2 Click the Samsung Knox Workspace device and click Details.


3 Under Operating System Settings, see the Knox Workspace SDK Version. The value of this setting indicates your Knox device version:

Knox Workspace SDK version: KNOX_ENTERPRISE_SDK_VERSION_1_n_n. Knox container version: 1. Go to “To create a Knox enterprise container on Knox version 1 devices:” on page 62.

Knox Workspace SDK version: KNOX_ENTERPRISE_SDK_VERSION_2_n. Knox container version: 2. Go to “To create a Knox enterprise container on Knox version 2 devices:” on page 62.

To create a Knox enterprise container on Knox version 1 devices:

1 Open the Samsung SDS IAM & EMM client on the device, touch the menu icon, and touch Policies.

2 Under SETUP REQUIRED, touch Enable Samsung Knox Workspace mode.

The Privacy Policy screen is displayed.

3 Read the policies, tap the acknowledgment check box, and tap Confirm.

4 Touch OK.

5 Under SETUP REQUIRED, touch Create Knox container.

The Samsung SDS IAM & EMM client displays a screen with the Knox container Terms and conditions and Privacy Policy.

6 Read the policies, touch I accept all the terms above, and touch Confirm.

This begins the Knox container software download process. This takes a minute or two.

7 Enter your password for opening the Knox container, enter it again, and touch Next.

This begins the Knox container installation process. This takes a couple of minutes.

8 Touch Launch.

You are now in the Samsung Knox container.

To create a Knox enterprise container on Knox version 2 devices:

1 Open the Samsung SDS IAM & EMM client, click the menu icon, and touch Policies.

2 Under SETUP REQUIRED, touch Create Knox container.

3 Select your Knox unlock method.

Select Password (alphanumeric and special characters), PIN (numbers only), Pattern (a specific sequence of strokes), Fingerprint (register your fingerprint on the subsequent screens), or Two-step verification (select your two-step verification on the subsequent screens).

4 Set the security timeout.

The security timeout is a time period of inactivity after which the container is locked.

5 Tap Next.

6 Enter your password, PIN, or pattern. Touch Continue.

7 Repeat and touch OK.

8 Tap Next.

You are now in the Knox container.

Configuring a Junos Pulse VPN app

A VPN—virtual private network—is a mobile application deployed by your IT department that provides a secure communication channel between an application running on your device and the application’s servers elsewhere on the Internet. You may have one or more VPN profiles on your device.

If you have the “Device VPN Policies” option in your SETUP REQUIRED area (on the Policies page), touch Device VPN Policies to display the list of VPN profiles. Then, touch each VPN profile (you may have more than one) to see what remains to be configured.

If the message indicates you have a Junos Pulse client that is installed, use the following procedure to complete the installation.

Note: If the error message indicates that a “VPN client needs to be installed,” contact your IT administrator. The Junos Pulse application needs to be installed on your device before you can proceed.

To complete the configuration of a Junos Pulse VPN:

1 If you are in the Samsung SDS IAM & EMM client, close it.

2 Open the Junos Pulse application.

If the icon does not appear on your device’s home screen, touch the Apps icon on your home screen to find it.

3 Read through and tap Accept in the end user license agreement.

4 Close Junos Pulse.

5 If you have a Knox version 2 container, tap the Knox icon to open it.

If you have a Knox version 1 container, skip to Step 10.

6 Open the Junos Pulse application installed in the container.

If the icon does not appear on your device’s home screen, touch the Apps icon in the container to find it.


7 Read through and tap Accept in the end user license agreement.

8 Close Junos Pulse.

9 Touch the Personal icon to exit the Knox container.

10 Open the Samsung SDS IAM & EMM client, touch the menu icon, and touch Policies.

11 Under SETUP REQUIRED, tap Device VPN Policies.

12 Tap the JunosPulse VPN profile.

13 Tap Retry.


Using Knox containers

After you create the Knox container, there are two icons you use to enter and exit the container.

To enter the container from your home screen, tap this icon:

This icon is added to your device’s Apps screen when you create the container.

You can also enter the container by dragging down on the device’s notification bar and tapping “Samsung Knox Tap to Start.”

To exit the container you tap this icon.

The default applications in the container—for example, Email, Calendar, and Contacts—are separate from the same applications in personal mode (that is, outside the container). You configure them separately and the data in the container application is separate from the data in the personal version.

Note: On Knox version 2 containers, you may be able to synchronize data between Knox mode and personal mode applications. If you do, the applications are listed on the Policies screen in the Samsung SDS IAM & EMM client. Expand Container Application Policies; the applications are listed under the heading, SYNC DATA WITH CONTAINER ALLOWED.

You use the Samsung SDS IAM & EMM WebApps application installed in the container to open the web applications assigned to you. See “Using Samsung SDS IAM & EMM WebApps” on page 68 for the details.

You may be able to add mobile applications to the container too. See “Installing mobile applications on Samsung Workspace devices” on page 71 for the details.

Moving files between the Knox container and the device

You may be able to move files between the Knox container and the device. This feature is enabled by your IT department. You use the My Files application in both the container and on the device to move the files. You can move files only—you cannot copy them.

To move a file from the container to the device:

1 Open the Knox container.

2 Open My Files.


3 Tap the folder with the files you want to move.

4 Tap the device’s menu key and tap Select item.

5 Tap to select each file you want to move.

6 Tap the device’s menu key again and select Move to Personal Mode.

The files are moved to the corresponding folder on the device.

To move a file from the device to the container:

1 Open My Files on the device’s home screen.

2 Tap the folder with the files you want to move.

3 Tap the device’s menu key and tap Select item.

4 Tap to select each file you want to move.

5 Tap the device’s menu key again and select Move to Knox.

The files are moved to the corresponding folder in the container.

Installing applications from personal mode

You may be able to install mobile applications that are installed in personal mode in the Knox container. The availability of this feature depends on the policy configured by your IT department.

To install applications in personal mode in the Knox container:

1 Touch the Knox Settings application.

2 Touch App installation manager.

Note: If App installation manager is dimmed, your IT department has disabled this policy.

3 Touch the application you want to install in the Knox container.

Note: If the Samsung SDS IAM & EMM client is listed, do not install it.

4 Touch OK to confirm.

Repeat to install more applications.

Removing a Knox container

If your organization is using the Samsung service for mobile device management, you remove a Knox enterprise container using the Samsung SDS IAM & EMM user portal to send the Remove Container command to the device (see “Sending commands to devices” on page 35). An IT administrator can also remove an enterprise container using the Samsung service administrator’s tools. All data files in the container are deleted and all container applications are uninstalled when you remove the container.

The enterprise container is removed automatically when you unenroll the device.


Using Samsung SDS IAM & EMM WebApps

You use the Samsung SDS IAM & EMM WebApps application to open the web applications assigned to you by your IT department and those you have added from the Samsung SDS IAM & EMM user portal (see “Adding web applications to the Apps page” on page 20).

The following table shows symbols that you may see associated with some applications:

Symbol What it means

Application settings. Allows you access to settings, such as user name and password.

Blocked by policy. You cannot open this application from your device. For example, an application can be configured so that you can open it from your office computer but not on your phone when you are outside the corporate WiFi network.

Blocked by the browser. You cannot open this application because it is not supported on the device’s web browser.

Indicates that you do not need to enter any log in credentials to access the application. Your system administrator has configured for all users to use the same log in credentials, so the identity platform automatically logs you in using those credentials.

Indicates that this application has been newly deployed by your system administrator. After you launch the application or access Application Settings, this symbol is automatically removed. The same actions performed on the user portal will also remove the symbol and vice versa.

The Samsung SDS IAM & EMM WebApps application updates the apps listing every time you open the program. To see if any more applications have been assigned by your IT department, you can also refresh the list manually.

Launching web applications

You open web applications from the Samsung SDS IAM & EMM WebApps home screen. Some applications open only in the Samsung SDS IAM & EMM WebApps browser. Others can be opened in a browser of your choice. It may be more convenient for you to open all applications in the Samsung SDS IAM & EMM WebApps browser. For example, the Samsung SDS IAM & EMM WebApps browser lets you have multiple applications open and easily move from one to the other.

The first time you open an application that does not require the Samsung SDS IAM & EMM WebApps browser, you are prompted in a pop-up window to select the default browser. Your choices are the Samsung SDS IAM & EMM WebApps built-in browser and any installed application that claims to have browser capability. You can change the default browser in the Samsung SDS IAM & EMM WebApps Settings menu.

Samsung SDS IAM & EMM WebApps provides single sign-on for web applications. The first time you sign in to the application, Samsung SDS IAM & EMM WebApps prompts you to enter the user name and password you use for this application and then securely stores your entries. The next time you sign in, Samsung SDS IAM & EMM WebApps silently authenticates you.

Note: You can turn off single sign-on. See “Sending commands to devices” on page 35 for the details.

To launch a web application:

1 Open the Samsung SDS IAM & EMM WebApps application.

The web applications available to you are displayed.

2 Tap the application you want to open.

3 Enter the user name and password you use to sign in to this application.

Note: The user name and password you use to open your account on the application may be different from the credentials you used to enroll the device. Be sure to use the credentials required by this application.

4 Tap Save.

You only need to do this once. The next time you open this application, the Samsung service logs you in automatically.

To save your credentials without logging in:

1 Open the Samsung SDS IAM & EMM WebApps application.

2 Tap the gear icon for the relevant application.

3 Enter your user name and password for the application.

Enter the user name and password you use to log in to this application. They may be different from the user credentials entered to enroll the device and for other applications.

4 Tap Save.

Opening multiple applications in Samsung SDS IAM & EMM WebApps

The Samsung SDS IAM & EMM WebApps browser lets you run multiple applications at the same time. After you open the first application, you simply touch the back arrow to open another.


This returns you to the Samsung SDS IAM & EMM WebApps home screen. Touch another application to open it. The next application that opens in the Samsung SDS IAM & EMM WebApps browser runs in a separate tab.

Adding applications to the home screen

You can create a short-cut to an application by adding it to the home screen within the container. If you have configured application lock for the Samsung SDS IAM & EMM WebApps application, then you will need to provide the PIN or swipe your fingerprint to access the application.

Note: This feature is only supported in launcher view. It is not supported in folder view. View configurations vary for different device models.

To add the application to the home screen:

1 Open the Samsung SDS IAM & EMM WebApps application.

2 Tap the application settings icon (three vertical dots) associated with the relevant application and select Add to Home Screen.

The application is added to the container home screen.


Installing mobile applications on Samsung Workspace devices

Where and how you install mobile applications on Samsung Workspace devices depends upon your device’s Knox version. See “To determine the Knox version in your device:” on page 61 to find out the Knox container version number.

If you have a Knox version 1 device, you can add mobile applications in the container from the Samsung Knox Apps store. Open the container and click the Samsung Knox Apps icon to open the store.

You can also install the mobile applications deployed to you by your IT department. See “Installing mobile applications deployed to you on Knox version 1 devices” on page 71.

If you have a Knox version 2 device, you can add mobile applications from the Samsung Knox Apps store. In addition, you may also be able to add applications from Google Play and applications you have installed outside the container. This is a permission granted by your IT department.

You can also install the mobile applications deployed to you by your IT department. See “Installing mobile applications deployed to you in Knox version 2 containers” on page 72.

Installing mobile applications deployed to you on Knox version 1 devices

The mobile applications deployed to you by your IT department are listed on the Mobile Apps screen in the Samsung SDS IAM & EMM client. Minimally, the Samsung SDS IAM & EMM WebApps application is listed here after you create a KNOX container. If that is the only application listed, you can skip this topic.

The applications are listed as either “Recommended” or “Optional.” The “Recommended” applications are installed automatically. You have to install applications listed under “Optional” manually.

To install an optional mobile application on a Knox version 1 device:

1 Open the Samsung SDS IAM & EMM client on your device.

2 Touch Mobile Apps.

3 The next screen indicates whether the application will be installed outside or inside the container.

If you see INSTALL, touch the button, and the application is installed outside the container.

If you see Knox INSTALL, touch the button, and the application is installed inside the container.


4 Follow the application’s installation instructions or follow the instructions provided by your IT department.

Installing mobile applications deployed to you in Knox version 2 containers

The mobile applications deployed to you by your IT department are listed on the Mobile Apps screen in the Samsung SDS IAM & EMM client. Minimally, the Samsung SDS IAM & EMM WebApps application is listed here after you create a KNOX container. If that is the only application listed, you can skip this topic.

The applications are listed as either “Recommended” or “Optional.” The “Recommended” applications are installed automatically. You have to install applications listed under “Optional” manually.

You may have additional functionalities depending on the mobile device policies set by your IT administrator. You can determine which policies are enabled for you in the Policies screen.

To install an optional mobile application in a Knox version 2 container:

1 Open the Samsung SDS IAM & EMM client on your device.

2 Tap Mobile Apps.

3 Tap Install for the application you want to install.

The mobile application is installed inside the container.

4 Follow the installation instructions or follow the instructions provided by your IT department.

The application is added to the Apps screen inside the container. You can also open the application from the Samsung SDS IAM & EMM client.

To determine your mobile device policies:

Note This permission only applies to Samsung Galaxy S5 devices.

1 Open the Samsung SDS IAM & EMM client and touch Policies.

2 Scroll down to the SAMSUNG Knox WORKSPACE POLICIES.

3 Touch Google Play Policies.

If “Enable Google Play” is enabled, the Play Store icon should appear inside the container.

4 Click < in the banner to return to the Policies home page and touch Container Application Policies.


If the Moving Applications to Container policy is Enabled, you can move applications installed outside the container to inside the container.

To add applications from outside the container to inside the container:

1 Open the container.

2 Touch the Knox Settings icon.

3 Tap App installation manager.

4 Tap the application you want to install in the container.

The application is added to the container’s App catalog.


Locking a Knox container

There are two ways to lock access to the Knox container:

Force password entry.

By default, you can switch back and forth freely between the Samsung Knox container and your home screen. However, you can also lock the container so that you are prompted to enter your password the next time you try to open it.

Disable access.

You can use a Samsung SDS IAM & EMM user portal command to prevent any access to the Knox container. The Knox container cannot be opened again until the device receives an Enable Container command.

To force the password prompt to open the Knox container:

1 Turn on the device.

2 Drag down on the notification bar.

3 Tap the Knox lock icon.

The next time you open the Knox container, you are prompted to enter your password.

Note This is the only time you will be prompted. Subsequently, you can open the Knox container without the password.

To lock access to the Knox container from the user portal:

1 Open the Samsung SDS IAM & EMM user portal.

2 Click the device.

3 Click the Container Management drop-down menu.

4 Select Lock Container.

The next time the Knox container is opened, an error message indicating the Knox container has been locked is displayed.

To unlock the Knox container, you or an administrator must send the Enable Container command to the device.

To unlock access to the Knox container from the user portal:

1 Open the Samsung SDS IAM & EMM user portal.

2 Click the device.

3 Click the Container Management drop-down menu.

4 Select Unlock Container.


The next time you open the Knox container, you are prompted to enter your Knox container password.


Unenrolling your device

Unenrolling your device from the Samsung service removes the mobile device policies from your device. It does not, however, remove the Samsung SDS IAM & EMM client from your device nor any mobile applications installed via the Samsung SDS IAM & EMM client. The next time you open the Samsung SDS IAM & EMM client, it prompts you to enroll the device.

Notes

The ability to unenroll your device is controlled by your IT administrator. This option may not be available to you.

If you have created a Samsung Knox container, unenrolling the device removes the Samsung Knox container.

If you are upgrading the Samsung SDS IAM & EMM client from a previous version, remove any installed version numbered 13.8 or earlier. The Settings screen in the Samsung SDS IAM & EMM client shows the version number.

The following procedure unenrolls the device. If you want to uninstall the Samsung SDS IAM & EMM client as well, use the standard Android Application manager procedure.

To unenroll an Android device:

1 Open the Samsung SDS IAM & EMM client on the device.

2 Tap Settings.

3 Scroll down and tap Unenroll.

If you do not see the Unenroll option, it means that you do not have the permission to unenroll this device.

4 Confirm that you want to remove your profiles.


Uninstalling the Samsung SDS IAM & EMM client

Before you can uninstall the Samsung SDS IAM & EMM client from an Android device, you must first unenroll the device from the Samsung service—see “Unenrolling your device” on page 76. After you have unenrolled the device, you use the Android device’s application manager to remove the Samsung SDS IAM & EMM client.


Chapter 7

Enrolling a Windows 10 Device

After you receive notification from your systems administrator that Windows 10 device enrollment is ready, you can enroll your device. You need the following to enroll your device:

Device must be Windows 10 at version 16.07 or newer

Your Active Directory/LDAP username and password

Internet access on your Windows 10 device

This procedure is performed on the device that you want to enroll.

To enroll the device:

1 Click the Windows icon and type "connect to work".

2 Click the option when it displays.

3 Click Enroll only in device management.


4 Enter the Active Directory username.

5 Click Next.

The Samsung SDS IAM & EMM User Suite portal/application login prompt displays with your username already configured.

6 Click Next.

7 Enter the account password and click Next.

Device enrollment begins.

8 Confirm that the device is enrolled.


User configuration of browser for certificate auto select


Each time you log in to your Windows device, the web browsers are configured by default to prompt you to accept the certificate. You can change this default browser behavior for Internet Explorer (IE) and Firefox if your systems administrator has not configured it. Your systems administrator must configure certificate auto select for Chrome.

Configuring Internet Explorer (IE)

Do the following for an IE browser:

1 Open the Windows Control Panel.

2 Select Internet Options > Security tab > Custom Level.

3 Select Enable for “Don’t prompt for client certificate selection when only one certificate exists”.


4 Select OK.

5 Select Yes on the confirmation window.

6 Select Apply/Ok on the subsequent windows.

Configuring Firefox

Do the following from a Firefox browser window:

1 Select the Menu icon > Options.


2 Select Advanced > either Encryption tab or Certificates tab > Select one automatically.

3 Close the browser window.
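To confirm that the Firefox change took effect, the following added example (not part of the original guide) reads the text of a profile's prefs.js and reports the certificate selection mode. It assumes the "Select one automatically" option is stored in the security.default_personal_cert preference; the function names and sample profile text are constructed for illustration.

```python
import re

# Assumption: Firefox stores the "Select one automatically" choice in this preference.
PREF = "security.default_personal_cert"
DEFAULT = "Ask Every Time"       # mode in effect when the preference is absent
AUTO = "Select Automatically"    # mode set by the procedure above

# Matches string-valued lines such as: user_pref("name", "value");
_PREF_RE = re.compile(
    r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"((?:[^"\\]|\\.)*)"\s*\)\s*;'
)

def read_pref(text, name=PREF):
    """Return the last string value set for `name`, or None if it is not set."""
    value = None
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m and m.group(1) == name:
            value = m.group(2)
    return value

def cert_selection_mode(prefs_js, user_js=""):
    """Effective mode: user.js is applied over prefs.js; absent means default."""
    for source in (user_js, prefs_js):
        value = read_pref(source)
        if value is not None:
            return value
    return DEFAULT

def auto_select_enabled(prefs_js, user_js=""):
    """True when the browser will present a client certificate without prompting."""
    return cert_selection_mode(prefs_js, user_js) == AUTO

# Constructed sample profile contents (not taken from a real device).
SAMPLE_CONFIGURED = '''// Mozilla User Preferences
user_pref("browser.startup.page", 3);
user_pref("security.default_personal_cert", "Select Automatically");
'''
SAMPLE_UNTOUCHED = 'user_pref("browser.startup.page", 3);\n'

if __name__ == "__main__":
    for label, text in (("configured", SAMPLE_CONFIGURED),
                        ("untouched", SAMPLE_UNTOUCHED)):
        print(label, "->", cert_selection_mode(text))
```

Run it against the prefs.js text from the Firefox profile folder after closing the browser, since Firefox writes the file on exit.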


 

www.sds.samsung.co.kr

copyright ⓒ 2017 Samsung SDS Co., Ltd. All rights reserved.